1130b656e5
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
<!-- $FreeBSD$ -->
|
|
<!-- The FreeBSD Documentation Project -->
|
|
|
|
<sect><heading>Setting up kernel PPP<label id="ppp"></heading>
|
|
|
|
<p><em>Contributed by &a.gena;.</em>
|
|
|
|
Before you start setting up PPP on your machine, make
sure that pppd is located in /usr/sbin and that the directory /etc/ppp
exists.
|
|
|
|
pppd can work in two modes:
|
|
<enum>
|
|
<item> as a "client", i.e. you want to connect your machine to the outside
world via a PPP serial connection or modem line.

<item> as a "server", i.e. your machine is located on the network and is
used to connect other computers using PPP.
|
|
</enum>
|
|
In both cases you will need to set up an options file (<tt>/etc/ppp/options</tt>
or <tt>~/.ppprc</tt> if you have more than one user on your machine that uses
PPP).

You will also need some modem/serial software (preferably kermit)
so you can dial and establish a connection with the remote host.
|
|
|
|
<sect1><heading>Working as a PPP client</heading>
|
|
|
|
<p>I used the following <tt>/etc/ppp/options</tt> to connect to CISCO terminal
|
|
server PPP line.
|
|
<verb>
|
|
crtscts # enable hardware flow control
|
|
modem # modem control line
|
|
noipdefault # remote PPP server must supply your IP address.
|
|
# if the remote host doesn't send your IP during IPCP
|
|
# negotiation , remove this option
|
|
passive # wait for LCP packets
|
|
domain ppp.foo.com # put your domain name here
|
|
|
|
:<remote_ip> # put the IP of remote PPP host here
|
|
# it will be used to route packets via PPP link
|
|
# if you didn't specify the noipdefault option
|
|
# change this line to <local_ip>:<remote_ip>
|
|
|
|
defaultroute # put this if you want that PPP server will be your
|
|
# default router
|
|
</verb>
|
|
|
|
To connect:
|
|
<enum>
|
|
<item> Dial to the remote host using kermit (or another modem program) and
enter your user name and password (or whatever is needed to enable PPP
on the remote host).

<item> Exit kermit (without hanging up the line).
|
|
|
|
<item> enter:
|
|
<verb>
|
|
/usr/src/usr.sbin/pppd.new/pppd /dev/tty01 19200
|
|
</verb>
|
|
( put the appropriate speed and device name )
|
|
</enum>
|
|
|
|
Now your computer is connected with PPP. If the connection fails for some
reason, you can add the "debug" option to the <tt>/etc/ppp/options</tt> file
and check the messages on the console to track down the problem.
|
|
|
|
The following <tt>/etc/ppp/pppup</tt> script performs all 3 stages automatically:
|
|
<verb>
|
|
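#!/bin/sh
# /etc/ppp/pppup: stop any running pppd and kermit, reset ppp0, then dial
# with kermit and start pppd on the modem line.
#
# The PIDs to signal are selected by exact executable name: "ps axc" prints
# only the executable name in the command column, so a process that merely
# has "pppd" or "kermit" somewhere in its arguments is never killed by
# this script, which normally runs as root.

# Informational listing of matching processes (substring match, display only).
ps ax |grep pppd |grep -v grep
pid=`ps axc | awk '$5 == "pppd" {print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing pppd, PID=' ${pid}
        # ${pid} stays unquoted on purpose: it may hold several PIDs.
        kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps axc | awk '$5 == "kermit" {print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing kermit, PID=' ${pid}
        kill -9 ${pid}
fi

# Reset the ppp interface before redialing.
ifconfig ppp0 down
ifconfig ppp0 delete

# Dial and log in on the remote host, then hand the line over to pppd.
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200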
|
|
</verb>
|
|
|
|
<tt>/etc/ppp/kermit.dial</tt> is a kermit script that dials and performs all
necessary authorization on the remote host.
(An example of such a script is given at the end of this document.)
|
|
|
|
Use the following <tt>/etc/ppp/pppdown</tt> script to disconnect the PPP line:
|
|
<verb>
|
|
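#!/bin/sh
# /etc/ppp/pppdown: stop pppd and kermit, take ppp0 down, hang up the modem
# and finally report the resulting state via ppptest.
#
# The PID lookup matches the exact executable name ("ps axc" prints only the
# executable name in the command column). A substring match on "pppd" would
# also hit this script's own command line, because "pppdown" contains
# "pppd", and the script would then signal itself.
pid=`ps axc | awk '$5 == "pppd" {print $1;}'`
# Quoted so the test stays valid when several PIDs (or none) are returned.
if [ "X${pid}" != "X" ] ; then
        echo 'killing pppd, PID=' ${pid}
        # ${pid} stays unquoted on purpose: it may hold several PIDs.
        kill -TERM ${pid}
fi

# Informational listing of matching processes (substring match, display only).
ps ax |grep kermit |grep -v grep
pid=`ps axc | awk '$5 == "kermit" {print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing kermit, PID=' ${pid}
        kill -9 ${pid}
fi

# Remove the ppp interface, then hang up the line.
/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptest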
|
|
</verb>
|
|
|
|
Check if PPP is still running (<tt>/usr/etc/ppp/ppptest</tt>):
|
|
<verb>
|
|
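#!/bin/sh
# ppptest: report whether a pppd process is running and show the state of
# the ppp0 interface.
#
# The lookup matches the exact executable name ("ps axc" prints only the
# executable name in the command column). A substring match on "pppd" would
# also count the calling pppdown script as a running pppd.
pid=`ps axc | awk '$5 == "pppd" {print $1;}'`
# Quoted so the test stays valid when several PIDs (or none) are returned.
if [ "X${pid}" != "X" ] ; then
        echo 'pppd running: PID=' ${pid-NONE}
else
        echo 'No pppd running.'
fi
# Echo the remaining commands as they run so their output is labelled.
set -x
netstat -n -I ppp0
ifconfig ppp0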
|
|
</verb>
|
|
|
|
Hangs up modem line (<tt>/etc/ppp/kermit.hup</tt>):
|
|
<verb>
|
|
set line /dev/tty01 ; put your modem device here
|
|
set speed 19200
|
|
set file type binary
|
|
set file names literal
|
|
set win 8
|
|
set rec pack 1024
|
|
set send pack 1024
|
|
set block 3
|
|
set term bytesize 8
|
|
set command bytesize 8
|
|
set flow none
|
|
|
|
pau 1
|
|
out +++
|
|
inp 5 OK
|
|
out ATH0\13
|
|
echo \13
|
|
exit
|
|
</verb>
|
|
|
|
|
|
<p>Here is an alternate method using <tt>chat</tt> instead of
|
|
<tt>kermit</tt>.
|
|
|
|
<em>Contributed by &a.rhuff;.</em>
|
|
|
|
<p>The following two files are sufficient to accomplish a pppd
|
|
connection.
|
|
|
|
<p><tt>/etc/ppp/options</tt>:
|
|
<verb>
|
|
/dev/cuaa1 115200
|
|
|
|
crtscts # enable hardware flow control
|
|
modem # modem control line
|
|
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
|
|
noipdefault # remote PPP server must supply your IP address.
|
|
# if the remote host doesn't send your IP during
|
|
# IPCP negotiation, remove this option
|
|
passive # wait for LCP packets
|
|
domain <your.domain> # put your domain name here
|
|
|
|
: # put the IP of remote PPP host here
|
|
# it will be used to route packets via PPP link
|
|
# if you didn't specify the noipdefault option
|
|
# change this line to <local_ip>:<remote_ip>
|
|
|
|
defaultroute # put this if you want that PPP server will be
|
|
# your default router
|
|
</verb>
|
|
|
|
|
|
<p><tt>/etc/ppp/login.chat.script</tt>:
|
|
|
|
(This should actually go into a single line.)
|
|
|
|
<verb>
|
|
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number>
|
|
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id>
|
|
TIMEOUT 5 sword: <password>
|
|
</verb>
|
|
|
|
|
|
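Because <tt>/etc/ppp/login.chat.script</tt> now holds your login and password
in clear text, restrict its permissions so that other users on the machine
cannot read it. Once these files are installed and modified correctly, all you
need to do is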
|
|
|
|
<p><tt>pppd</tt>.
|
|
|
|
|
|
<em>This sample is based primarily on information provided by Trev Roydhouse
<Trev.Roydhouse@f401.n711.z3.fidonet.org> and is used by
permission.</em>
|
|
|
|
|
|
<sect1><heading>Working as a PPP server</heading>
|
|
|
|
<p><tt>/etc/ppp/options</tt>:
|
|
<verb>
|
|
crtscts # Hardware flow control
|
|
netmask 255.255.255.0 # netmask ( not required )
|
|
192.114.208.20:192.114.208.165 # ip's of local and remote hosts
|
|
# local ip must be different from one
|
|
# you assigned to the ethernet ( or other )
|
|
# interface on your machine.
|
|
# remote IP is ip address that will be
|
|
# assigned to the remote machine
|
|
domain ppp.foo.com # your domain
|
|
passive # wait for LCP
|
|
modem # modem line
|
|
</verb>
|
|
|
|
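The following <tt>/etc/ppp/pppserv</tt> script will enable the ppp server on your
machine. Note that the options file above does not ask the dial-in peer to
authenticate itself; if callers should have to, add pppd's <tt>auth</tt> option
and the matching secrets as described in the pppd manual page.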
|
|
<verb>
|
|
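#!/bin/sh
# /etc/ppp/pppserv: stop any running pppd and kermit, reset ppp0, put the
# modem in autoanswer mode and start pppd on the modem line.
#
# The PIDs to signal are selected by exact executable name: "ps axc" prints
# only the executable name in the command column, so a process that merely
# has "pppd" or "kermit" somewhere in its arguments is never killed by
# this script, which normally runs as root.

# Informational listing of matching processes (substring match, display only).
ps ax |grep pppd |grep -v grep
pid=`ps axc | awk '$5 == "pppd" {print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing pppd, PID=' ${pid}
        # ${pid} stays unquoted on purpose: it may hold several PIDs.
        kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps axc | awk '$5 == "kermit" {print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing kermit, PID=' ${pid}
        kill -9 ${pid}
fi

# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete

# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans

# run ppp
pppd /dev/tty01 19200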
|
|
</verb>
|
|
|
|
Use this <tt>/etc/ppp/pppservdown</tt> script to stop ppp server:
|
|
<verb>
|
|
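#!/bin/sh
# /etc/ppp/pppservdown: stop pppd and kermit, remove ppp0 and run the
# kermit.noans script on the modem.
#
# The PIDs to signal are selected by exact executable name: "ps axc" prints
# only the executable name in the command column, so a process that merely
# has "pppd" or "kermit" somewhere in its arguments is never killed by
# this script, which normally runs as root.

# Informational listing of matching processes (substring match, display only).
ps ax |grep pppd |grep -v grep
pid=`ps axc | awk '$5 == "pppd" {print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing pppd, PID=' ${pid}
        # ${pid} stays unquoted on purpose: it may hold several PIDs.
        kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps axc | awk '$5 == "kermit" {print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing kermit, PID=' ${pid}
        kill -9 ${pid}
fi

# Remove the ppp interface.
ifconfig ppp0 down
ifconfig ppp0 delete

# Presumably turns autoanswer off (kermit.noans is not shown in this document).
kermit -y /etc/ppp/kermit.noans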
|
|
</verb>
|
|
|
|
The following kermit script will enable/disable autoanswer mode
on your modem (<tt>/etc/ppp/kermit.ans</tt>):
|
|
<verb>
|
|
set line /dev/tty01
|
|
set speed 19200
|
|
set file type binary
|
|
set file names literal
|
|
set win 8
|
|
set rec pack 1024
|
|
set send pack 1024
|
|
set block 3
|
|
set term bytesize 8
|
|
set command bytesize 8
|
|
set flow none
|
|
|
|
pau 1
|
|
out +++
|
|
inp 5 OK
|
|
out ATH0\13
|
|
inp 5 OK
|
|
echo \13
|
|
out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
|
|
; autoanswer mode
|
|
inp 5 OK
|
|
echo \13
|
|
exit
|
|
</verb>
|
|
|
|
This <tt>/etc/ppp/kermit.dial</tt> script is used for dialing and authorizing
on the remote host. You will need to customize it for your needs.
Put your login and password in this script; you will also need
to change the input statements depending on the responses from your modem
and remote host. Since the script then contains your password in clear
text, restrict its permissions so that other users on the machine cannot
read it.
|
|
<verb>
|
|
;
|
|
; put the com line attached to the modem here:
|
|
;
|
|
set line /dev/tty01
|
|
;
|
|
; put the modem speed here:
|
|
;
|
|
set speed 19200
|
|
set file type binary ; full 8 bit file xfer
|
|
set file names literal
|
|
set win 8
|
|
set rec pack 1024
|
|
set send pack 1024
|
|
set block 3
|
|
set term bytesize 8
|
|
set command bytesize 8
|
|
set flow none
|
|
set modem hayes
|
|
set dial hangup off
|
|
set carrier auto ; Then SET CARRIER if necessary,
|
|
set dial display on ; Then SET DIAL if necessary,
|
|
set input echo on
|
|
set input timeout proceed
|
|
set input case ignore
|
|
def \%x 0 ; login prompt counter
|
|
goto slhup
|
|
|
|
:slcmd ; put the modem in command mode
|
|
echo Put the modem in command mode.
|
|
clear ; Clear unread characters from input buffer
|
|
pause 1
|
|
output +++ ; hayes escape sequence
|
|
input 1 OK\13\10 ; wait for OK
|
|
if success goto slhup
|
|
output \13
|
|
pause 1
|
|
output at\13
|
|
input 1 OK\13\10
|
|
if fail goto slcmd ; if modem doesn't answer OK, try again
|
|
|
|
:slhup ; hang up the phone
|
|
clear ; Clear unread characters from input buffer
|
|
pause 1
|
|
echo Hanging up the phone.
|
|
output ath0\13 ; hayes command for on hook
|
|
input 2 OK\13\10
|
|
if fail goto slcmd ; if no OK answer, put modem in command mode
|
|
|
|
:sldial ; dial the number
|
|
pause 1
|
|
echo Dialing.
|
|
output atdt9,550311\13\10 ; put phone number here
|
|
assign \%x 0 ; zero the time counter
|
|
|
|
:look
|
|
clear ; Clear unread characters from input buffer
|
|
increment \%x ; Count the seconds
|
|
input 1 {CONNECT }
|
|
if success goto sllogin
|
|
reinput 1 {NO CARRIER\13\10}
|
|
if success goto sldial
|
|
reinput 1 {NO DIALTONE\13\10}
|
|
if success goto slnodial
|
|
reinput 1 {\255}
|
|
if success goto slhup
|
|
reinput 1 {\127}
|
|
if success goto slhup
|
|
if < \%x 60 goto look
|
|
else goto slhup
|
|
|
|
:sllogin ; login
|
|
assign \%x 0 ; zero the time counter
|
|
pause 1
|
|
echo Looking for login prompt.
|
|
|
|
:slloop
|
|
increment \%x ; Count the seconds
|
|
clear ; Clear unread characters from input buffer
|
|
output \13
|
|
;
|
|
; put your expected login prompt here:
|
|
;
|
|
input 1 {Username: }
|
|
if success goto sluid
|
|
reinput 1 {\255}
|
|
if success goto slhup
|
|
reinput 1 {\127}
|
|
if success goto slhup
|
|
if < \%x 10 goto slloop ; try 10 times to get a login prompt
|
|
else goto slhup ; hang up and start again if 10 failures
|
|
|
|
:sluid
|
|
;
|
|
; put your userid here:
|
|
;
|
|
output ppp-login\13
|
|
input 1 {Password: }
|
|
;
|
|
; put your password here:
|
|
;
|
|
output ppp-password\13
|
|
input 1 {Entering SLIP mode.}
|
|
echo
|
|
quit
|
|
|
|
:slnodial
|
|
echo \7No dialtone. Check the telephone line!\7
|
|
exit 1
|
|
|
|
; local variables:
|
|
; mode: csh
|
|
; comment-start: "; "
|
|
; comment-start-skip: "; "
|
|
; end:
|
|
</verb>
|
|
|
|
<!--
|
|
###################################################################
|
|
Gennady B. Sorokopud ( gena@NetVision.net.il ) 24/10/94 12:00
|
|
-->
|
|
|